Gemalto Admits Hack, But Denies Theft Of SIM Encryption Keys

Exterior view of the building housing the head office of Gemalto, which produces "subscriber identity modules", or SIM cards, in Amsterdam, Netherlands, Friday, Feb. 20, 2015. Britain's electronic spying agency, in cooperation with the U.S. National Security Agency, hacked into the networks of Dutch company Gemalto to steal codes that allow both governments to seamlessly eavesdrop on mobile phones worldwide, according to the documents given to journalists by Edward Snowden. (AP Photo/Peter Dejong)

ADVERTISEMENT

Dutch SIM card manufacturer Gemalto has published the findings of its internal investigation into the alleged hacking of SIM card encryption keys by GCHQ and NSA.

Gemalto admitted that it had detected sophisticated intrusions in 2010 and 2011, but that they only “breached its office networks” and that they "could not have resulted in a massive theft of SIM encryption keys".

The statement also pointed out that they had never sold SIM cards to “four of the twelve operators listed in the documents, in particular to the Somali carrier where a reported 300,000 keys were stolen.”

Even if the keys were stolen, Gemalto also maintained that intelligence services would only be able to spy on 2G mobile networks, as 3G and 4G connections aren’t susceptible to such attacks.

“By 2010, Gemalto had already widely deployed a secure transfer system with its customers and only rare exceptions to this scheme could have led to theft”, the statement said.

Gemalto’s statement was in response to a report last week published by The Intercept, which claimed that the GHHQ and NSA could seamlessly eavesdrop on mobile phones worldwide. The claims were backed by documents provided to the publication by NSA whistleblower Edward Snowden.